The Google Baseline For A User Account Area

12 Jan 2017

I have a minimum definition for what I consider to be a good portal for an API, and was spending some time thinking about a baseline definition for the API developer account portion of that portal, as well as potentially any other authenticated, and validated platform user. I want a baseline user account definition that I could use as aa base, and the best one out there off the top of my head would be from Google.

To support my work I went through my Google account page and outlined the basic building blocks of the Google account:

Signing in to Google - Control your password and account access, along with backup options if you get locked out of your account.

Password & sign-in method - Your password protects your account. You can also add a second layer of protection with 2-Step Verification, which sends a single-use code to your phone for you to enter when you sign in.

Password - Manage your password.

2-Step Verification - Manage 2-Step verification.

App Passwords - Create and manage application passwords.

Account recovery options - If you forget your password or cannot access your account, we will use this information to help you get back in.

Account Recovery Email - The email to send recovery instructions.

Account Recovery Phone - The email to send recovery instructions.

Security Question - A secret question to use as verification during recovery.

Device activity & notifications - Review which devices have accessed your account, and control how you want to receive alerts if Google thinks something suspicious might be happening.

Delete your account or services - If you are no longer interested in using specific Google services like Gmail or Google+, you can delete them here. You can even delete your entire Google Account.

Delete a Google service - A Google Account offers many services. Some of these services can be deleted from your account individually.

Delete your Google Account - You're trying to delete your Google Account, which provides access to various Google services. You'll no longer be able to use any of those services, and your account and data will be lost.

These are all building blocks I will add to my API management research, with an overlap with my API portal research. I'm not sure how many of them I will end up recommending as part of my formal guide, but it provides a nice set of things that seem like they SHOULD be present in all online services we use. Google also had two other tools present here, that overlap with my security and privacy research:

Security Checkup - Protect your account in just a few minutes by reviewing your security settings and activity.

Privacy Checkup - Take this quick checkup to review important privacy settings and adjust them to your preference.

I am going to be going through Google's privacy and security sections, grabbing any relevant building blocks that providers should be considering as part their API operations as well. For now, I'm just going to add this to the list of things I think should be present in the accounts of third party platform users, whether they are a developer, partner, or otherwise.

I would also like to consider what other providers offer accounts features I'd like to emulate. Like Amazon, Dropbox, and other leading providers. I would also like to take another look at what the API management providers like 3Scale offer in this area. Eventually, I want to have an industry guide that API providers can follow when thinking about what they should be offering as part of their user accounts.